
Data Security Encirclement and Encryption

Some movement on the enforcement front of encryption, as the Eighth U.S. Circuit Court of Appeals has confirmed the Federal Trade Commission’s authority to enforce data security standards. After a case involving three separate data breaches at Wyndham hotels, which were facilitated by Wyndham allegedly misrepresenting the security measures it had in place, the court held that the hotel had not acted equitably by investing inadequate resources into a top concern of American consumers (according to the Electronic Information Privacy Center). This ruling re-establishes the FTC’s critical role in corporate cybersecurity, allowing the agency to go after those who fail to protect customers’ personal information.

It’s ironic, then, that a development like this runs alongside efforts from politicians and other government agencies to weaken encryption, in effect making consumers more vulnerable to cyber criminals who already seem to have a far too easy time of it. I’ve written previously about the FBI and Justice Department’s persistent push for exclusive backdoor access into software and devices from companies like Microsoft and Apple, and my thoughts on the issue. These days, they’re joined by presidential candidate Jeb Bush, who claimed at a recent forum hosted by lobbyist group Americans for Peace, Prosperity and Security (APPS) that the balance between surveillance and civil liberties has actually swung too far in the latter direction. I know, right? He states: “If you create encryption, it makes it harder for the American government to do its job – while protecting civil liberties – to make sure that evildoers aren’t in our midst.” If Jeb wants to distance himself from his brother, he might want to white out words like “evildoers” from his mental lexicon.

Across the pond, earlier this year David Cameron took the crazy a step further, wanting to ban encryption outright, at least for end-to-end messaging. Because terrorism, of course; what else would be invoked in delivering an economically destructive blow to Britain? Sure, rather than send our bank details to a secure server, let’s just skywrite them for everyone to see. One marvels at the apparent technological illiteracy of politicians the world over (or not), especially in the face of other cyber campaign busts, such as the takedown of Silk Road and the imprisoning of its operator Ross Ulbricht.

Since the shuttering of Silk Road, the illicit online marketplace that at its height was estimated to be taking in $100 million per year, all that has been accomplished is for new competitors to fill the void with their own increasingly lucrative operations. Since when does cutting off one of the Hydra’s heads produce anything other than the opposite of the intended effect? Even another effort in November, the international Operation Onymous, only succeeded in seizing a paltry $1 million in Bitcoin from a few sites. As it has throughout human history, the underground market continues to flourish.

It reminds me of a passage from one of my favorite reads, Shantaram by Gregory David Roberts. “Greed without control, or control without greed won’t give you a black market. Men can be greedy for the profit made from, let’s say pastries, but if there isn’t strict control on the baking of pastries, there won’t be a black market for apple strudel. And the government has very strict controls on the disposal of sewage, but without greed for profit from sewage, there won’t be a black market for sh*t. When greed meets control, you get a black market.”

Actions that reflect a lack of even this understanding don’t inspire much good will when those same organizations come calling for weaker protections for consumers.